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I (57) Abstract 

A method of and system for secure communicaiion using Bignaturc veiification. A message sender transmits to a trusted server 8 set 
i of biometric data, such as itpresentins tiie sender's handwritten signatuie, and a set of information about a message, such as a message 
identifier. The server verifies the sender's signature against a signauirt feature vector database, and provides tiie sender with a key for 
securely encoding the message. The sender encodes the message and transmits ii to a message receiver. The receiver transmits to the 
I server a second set of biometiic data, such as rcprMcnling die rtceivcr's handwritten signanire. The server verifies the recdver's signanire 
against the signature feanire vector database, and provides the receiver with the message identifier and a key for decoding the message. 
The biometric data represents a handwritten signature given contemporaneously by die sender or receiver, and is verified against a set of 
template signatures earlier given by the sender and receiver and recorded by the server, or may represent fingerprints, voicepiints. retinal 
images, odier biometric data, or any arbitrary data which is particular to the sender or receiver and which the server is capable of verifying 
The message comprises a single set of binary or text data, such as a file, or the message may comprise a stream of data and the method may 
be used for a virtual circuit to be created between the sender and receiver. The server may enhance the communication channel between 
the sender and the receiver, for example by transmittmg signals to the sender representing whether the message was received. 



FOR THE FVJiPOSES OF iNFORMATJON ONLY 



Codes used to identify States party to the PCX on the front pages of pamphleu publishing intemational 
applications under the PCT. 



AM 


Armenia 


GB 


Ihiiicd Kii^fdoa 


MW 


Malawi 


AT 


Aitttrta 


GE 


Gcoigia 


MX 


Mcako 


At) 


AtutsBlia 


GN 


GutaMa 


NE 


Niger 


BB 


Biflndos 


GR 


Ortcoe 


NL 


Ncthethnda 


BE 


Be^imn 


HU 


Hmgvy 


NO 


Nofway. 


BF 


BurldDS Fiso 


IE 


Irthnd 


NZ 


New Zealand 


BG 




IT 


Italy 


FL 


Polaad 


BJ 


Benin 


. JP 


Japaa 


FT 


Portufa] 


BR 


BrszD 


KE 


Kenya 


RO 


Kdnnua 


BY 


Behras 


KG 


KyrgyMD 


RU 


Rwsian Fedctalion 


CA 


Canada 


KP 


Denocnlic Fcopk*s Rcpnblic 


SD 


Sudan 


CP ■ 


Ccmnl African RepiMic 




flf KMca 


8E 


Sweden 


CG 


Confo 


KR 


Republic of Korea 


SG 


SbtgapOR 


CH 


Switsobad 


KE 


KaiaHitiin 


a 


Slovenia 


a 


COtf dime 


U 


UedttcniieiD 


SK 


Slovakia 


CM 


CaiDCfDOB 


UC 


SriLairia 


SN 


Senegal 


CN 


QuDa 


LR 


libeda 


sz 


Swaziland 


CS ' 


Czechoslovakia 


LT 


Lkhuinb 


TO 


Chad 


CZ 


Cxech Kqiublic 


LU 


Luxembouix 


TG 


Togo 


DE 


Germany 


LV 


Larvia 


TJ 


T^JiDStan 


DK 


Deiustik 


MC 


Monaco 


. TT 


Trinidad and Tobago 


EE 


Estonia 


MD 


Rcpoblk of Moldova 


UA 


UknJae 


ES 


Spab 


MG 


Madaiascar 


UG 


UganSa 


n 


Finland 


ML 


Mifi 


US 


Ufiited Staiei of Anwica 


FR 


France 


MN 


MoQpAa 


VZ 


UzbeUsUD 


CA 


Gabon 


MR 


ManiilaDia 


VN 


Viet Nan 



wo 97/08868 



Title of the Invention 



PCT/US96/13736 



Method of Secuie Coimnunication Using Signature Verification 

Background of the Invention . ' 

5 1 • Field of the Invention 

This inventioo relates to a method of secure communicaiion using signature 

veiificatiOD. 

2 . Description of Related Art 

Id some environments, communicating ihessages is brought with the risk that 
1 0 unauthorized persons may intercept the messages and read them, or may insert counterfeit 

messages into the message sueam. Various methods have been proposed for communication in 
such environments; these various methods generally require message encryption and secure 
distribution of encryption keys. 

In environments where communicating users are mobOe, one problem \v4iich 
15 has arisen in the art is the difficulty of easily and quickly authenticating the identities of users. 
One known solution is to provide each user with a password or other key, and to require the 
user to enter that password for authentication. However, this known method is subject to 
several drawbacks. First, the password may be forgotten or otherwise lost This would 
require the user to obtain a new password or otherwise obtain authentication iising another 
20 channel. 

Second, the password (or some transformation thereof) must be transmitted 
from the user's new position to some entity for authenticatioiL This creates a point of attack for 
unauthorized persons to identify the password or its transformation and copy that information 
for thdr own use. Once a password has been compromised, it is easy for an unauthorized 
25 person to enter that password and obtain improper authentication. 

Third, the password may simply be guessed by unauthorized persons, 
particulariy those who are familiar with the user. 

Accordingly, it would be advantageous to provide a system in which users may 
easily and quickly authenticate their identities and communicate with other users, and in which it 
30 is difficult for authentication means (1) to become lost, (2) to be copied by unauthorized 
persons, or (3) to be guessed by unauthorized persons. 
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Summary of the Invention 

• i 
The mventioD provides a method of and system for secure c'onm 
using signature verification. A message sender transmits to a trusted server a set of bioraetric 
data, such as representing the sender's handwritten signature, and a set of infonnation about a 
5 message, such as a message identifier. The server verifies the sender's signature against a 
signature feature vector database, and provides the sender with a key for securely encoding the 
message. The sender encodes the message and transmits it to a message receiver. The receiver 
transmits to the server a second set of biometric data, such as representing the receivci's 
. handwritten signature. The server verifies the receiver's signature against the signature feature 
1 0 vector database, and provides the receiver with the message identifier and a key for decoding 
the messae&. 

In a preferred embodiment, the bioraetric data represents a handwritten signamre 
given contemporaneously by the sender or receiver, and is verified against a set of template 
signatures earlier given by the sender and receiver and recorded by the server. However, in 
1 5 alternative embodiments, the biometric data may represent facial images, fingerprints, hand 
images or handprints, foot images or footprints, human genome data, retinal images, 
voiceprints, recorded spoken statements, or other biometric data, or any arbitraiy data which is 
particular to the sender or receiver and which the server is capable of verifying. 

In a preferred erabodiraenl, the message comprises a single set of binary or text 
20 data, such as a file. However, in alternative embodiments, the message may comprise a stteam 
of data and the method may be used for a virtual circuit to be created between the sender and 
receiver. In other aliemadve embodiments, the server may enhance the communication channel 
between the sender and the receiver, for example by transmitting signals to the sender 
representing whether the message was received, and if so, when. 

25 Brief Description of the Drawings 

Figure 1 shows a block diagram of a system for secure communication using 
signature verification. 

Figure 2 shows a flow diagram of a method of secure commimication using 
signature verification using an arrangement as shown in figure 1 . 
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Description of the Preferred Embodiment 



In the foUowiDg description, a preferred embodiment of the invention is 
described with regard to preferred process steps and data stractures. However, those skilled in 
the art would recogiuze, after perusal of this application, that embodiments of the invention mBy 
5 be implemented using a set of general purpose computers operating under program control, and 
. that modification of a set of general ptupose cornputers to implement the process steps and data 
structures described herein would not require undue invention. 

Secure Communication Using Signature Verification 

Figure 1 shows a block diagram of a system for secure commurucation using 
10 signature verification. 

A system 100 for secure communication comprises a server 110, a message 
sender 120, a first conununicadon path 131 between the server 1 10 and the sender 120, a 
message receiver 140, a second communication path 132 between the server 110 and the 
recdver 140, and a third communication path 133 between the sender 120 and the receiver 140. 

15 In a preferred embodinient, the first communication path 1 3 1, the second 

communication path 132, and the third communication path 133 comprise communication paths 
in a network 130 such as a local area network (LAN), a wide area netwoilc (WAN), oj a 
network of networks (an "internet"). Preferably, the first communication padj 131, the second 
communication path 132, and the third communication path 133 comprise dynamically routed 

20 communication paths constructed using network media, routers, and other intermediate 

processors in ari internet However, in alternative embodiments, the first communication path 
131, the second communication path 132, and the third communication path 133 may comprise 
telephone connections in a telephone network, coupled between telephones at the server 1 10, 
the sender 120, and the receiver 140. 

26 The server 1 10 comprises a database 1 11 of authentication information. The 

database 1 1 1 is pr&ferably stored using a mass storage device such as magnetic disk, optical 
disk, or magnetic tape, but may alternatively be stored using any technique which allows for 
storage and retrieval of biometric information. 

In a preferred embodiment, the database 111 comprises a set of signature feature 
30 vectors 112 such as those described with a method of signature verification shown in the 
following disclosures: 
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o Application Serial No. 08/1 69,654, filed December 17, 1993, in the name of inventors 
Ali Mohamed Moussa and Chih Cban, titled "Method for Automatic Signature Verification", 
assigned to the same assignee, and having attorney docket number ACS-OOl ; and 

0 Application Serial No. 08/483,942, filed June 7, 1995, in the name of inventors Ali 
5 Mohamed Moussa and Chih Chan, titled "Mediod for Automatic Signature Verification", 
assigned to the same assignee, and having attorney docket number ACS-002. 

Each of these applications is hereby incorporated by reference as if fully set forth 
herein. There are collectively refeired to herein as the Signanne Verification Disclostnes. 

However, in alternative embodiments, the database 1 1 1 may comprise 
1 0 alternative sets of bioroetric data or other data for validating signatures from the sender 120 or 
the receiver 140, For example, such biometric data may comprise all or a selected part of, or an 
encoding of, a set of biometric information about a person, which biometric infoimation may 
comprise a facial image, a fingerprint, a hand image or handprint, a foot image or foo4)rint, a 
human genome or related genetic information, a rednal image, a voiceprint or other record of a 
1 5 spoken statement, or alternatively any other biometric information which is substantially tmiquc 
to a first selected individual and difficult to adapt to a second selected individual. Biometric 
information differs from memorized information such as a password. Authentication using 
biometric information differs from physical forms of authentication such as using a pass key. 

The server 1 10 also comprises a processor 113 operating under software 
20 program conu^ol for performing the functions described herein, having memory for storing 

software programs and data, and having mass storage for storing all or pan of the database 111. 

The processor 1 13 includes a verifier 1 14 for operating on the database 111 and 
on signature feature vectors 1 12 received from the sender 120 or the receiver 140, In a 
preferred erobodiraent, the verifier 114 performs the metiiod of signature verification shown in 
25 the Signature Verification Disclosures. However, in alternative embodiments, the verifier 1 14 
may perform another method of signature verification or verification of otiier biometric data. 

The sender 1 20 comprises a pen tablet 1 21 for receiving a signature from the 
sending person, b a preferred embodiment, the pen tablet 121 comprises one like thai shown 
in the Signature Verification Disclosures. 

30 The sender 120 also comprises a processor 122 coupled to the pen tablet 121, 

operating under software program control for performing the functions described herein, having 
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roemoiy for storing software programs and data, and for sioring a signature feature vector 1 12 
constructed for the sending person, and having mass storage for storing messages to be sent 

The rwdver 140 comprises a pen tablet 141 for receiving ai signature from the 
receiving person. In a preferred embodiment, the pen tablet 141 is isimilar^ to the pen tablet 121, 
5 and comprises one like that shown in the Signature Veriikation Disclosure 

The receiver 140 also comprises a processor 142 coupled to the pen tablet 141, 
operating under software program control for performing the functions described herein, having 
memory for storing software programs and data, and for storing a signature feamre vector 112 
constructed for the receiving person, and having mass storage for storing received messages. 

10 The server 1 10, the sender 120, and the receiver 140 collectively perfoiro the 

method shown herein. 

Method Of Secure Communication 

Figure 2 shows a flow diagram of a method of secure communication using 
signature verification using an arrangement as shown in figure L 

15 At a flow point 200, the sender 1 20 desires to send a message to the receiver 

140. 

At a step 210, the sender 120 registers a set of signature feature vectors 112 for 
the sending person, using the first communication path 131 (between the server 1 10 and the 
sender 120). To perform this step 210, the sender 120 performs the step 211 through the step 
20 213. 

At a step 21 It the sender 1 20 coUects a set of template signatures from the 
sending person using the pen tablet 121 . 

At a step 212, the sender 120 fonns a set of signature feature vectors 1 12 for the 
template signatures for the sending person, using the processor 122. The sender 120 preferably 
25 performs methods shown in the Signature Verification Disclosures. 

At a step 213, the sender 120 transmits the set of signature feature vectors 1 12 
for the template signanires for the sending person to the server 1 10, using the first 
communication path 131. In a preferred embodiment, it is not necessary that the first 
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communication path 131 is secure against reading by unauthorized third parties, only that the 
first communication path 131 is secure against unauthoriz^ third parties altering the set of 
signature feature vectors 1 12 without detection. 

Once the signature feature vectors 1 12 for the template signatures for the sending 
person are registered at the server 1 10, the sending person may use the sender 120 to transmit a 
message. Although in a preferred embodiment, the signature feature vectors 112 for the 
template signatures for the sending person are transmitted from the sender 120 to the server 
1 10, in alternative erabodimcnu the sending person may deliver their signature feature veaors 
1 12 by other means. For example, the sending person may altOTiativcly use a different physical 
device in place of the sender 120 for transmitting signature feature vectors 1 12 for their template 
signatures to the server 1 10, or may use the server 110 directly for entering their template 
signatures and foiining signature feature vectors 112 therefor. 

At a step 220, the sender 1 20 verifies a new signature from the sending person. 
To perform this step 220, the server 1 10 and sender 120 perfonn the step 221, the step 222, 
and the step 223. 

At a step 221, the sender 120 collects a lest signature from the sending person 
using the pen tablet 121. 

At a step 222, the sender 120 fonms a signature feature vector 1 12 for the test 
signature for the sending person. The sender 120 preferably perfonras methods shown in the 
Signature Verification Disclosures. 

At a step 223, the server 1 1 0 receives the signamre feature vector 1 1 2 for the test 
signature for the sending person, and attempts to verify that test signature against the set of 
signanjre feanire vectors 1 12 template signature for the sending person, using the processor 
1 13, The server 110 preferably performs methods shown in the Signamre Verification 
Disclosures. 

If the attempt to verify is successful (Le., the test signature is considered to 
match the template signamrcs), the server 1 10 proceeds vwth the step 230. If the attempt to 
verify is unsuccessful (i.e., the lest signamre is considered to not match the template 
signamres), the server 1 1 0 transmits a message so indicating to the sender 1 20. 

In a preferred embodiment, iif the attempt to verily is unsuccessful, the server. 
1 10 and the sender 120 may conduct a set of rcaticmpts to verify the sending person, such as by 
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WO 97/08868 rwwwo 
requesting an additional test signature and repeating the step 221, the step 222, and the step 
223. Alieniatively, the server 110 and the sender 120 may attenipt to ver^ 
by other means, such as by using other bioraetiic data, by using memorized data such as a 
passv^^ord, or by using physical authentication such as requiring pass key from the sending 
5 person. 

In a preferred embodiment, methods shown in the Signature Verification 
Disclosures are adapted to' provide one of three alternative results from ihe attempt to verify the 
test signature — (1) the test signature is considered to match the template signatures, (2) Ae test 
signature is considered to not match the template signamies, or (3) the result of the attempt to 
1 0 verify is considered ambiguous. In the event of the third alternative result, the server 110 and 
the sender 120 may conduct a supplemental attempt to authenticate the sending person, such as 
by requesting additional test signatures, by using other biometric data, by using memorized data 
such as a password, or by using physical authentication such as requiring pass key from the 
sending person. 

15 At a step 230, the server 1 10 transmits to the sender 120 a key for encoding the 

message to be transmitted from the sender 120 to the receiver 140. 

In a preferred embodiment, the key for encoding comprises a key for a 
symmetric encoding/decoding method such as the Data Enciyption Standard (DES). 

However, in aliemaiive embodiments, the key for encoding may comprise a 
20. first key from a key pair used in a public key system. 

At a step 240, the sender 120 encodes the message using the key for encoding, 
to generate an encoded message. 

At a step 250, the sender 120 transmits the encoded message to the receiver 140 
using the third communication path 133. 

25 At a step 260, the receiver 1 40 registers a set of signamre feature vectors 1 1 2 for 

the receiving person, using the second communication path 132 0>etween the server 1 10 and the 
receiver 140). To perform this step 260, the receiver 140 performs steps like the step 211 
through the step 213. The receiver 140 collects a set of template signatures from the receiving 
person using the pen tablet 141. The receiver 140 forms a set of signature feanire vectors 112 

30 for the template signatures for the sending person, using the processor 142, The recdver 140 
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transmits the set of signature feature vectors 1 12 for the template signatures for the receiving 
person to the server 1 10, using the second communication path 132. 



As was the case for the sending person, once the signature feature vectors 1 12 
for the template signatures for the receiving person are registered at the sen^ 1 10. the receiving 
person may use the receiver 140 to receive a message. Although in a preferred embodiment, the 
signature feature vectors 1 12 for the template signatures for the receiving p^^n are transmitted 
from the receiver 140 to the server 1 1 0, in alternative embodiments the receiving peison may 
deliver ibdr signature feature vectors 1 12 by other means similar to those shown herein for the 
sending person. 

In addition, it is not necessary for the signature feature vectors 1 12 for the 
template signatures for the receiving person lo be registered at Ae server 1 10, if tiiey have 
already been registered at the server 1 10 for the same person as a sending person. Once an 
individual is registered at the server 1 10 in one capacity, the server 110 will retrieve their 
signature feature vectors 112 when they use the server 1 10 in another capacity. 

At a step 270, the receiver 140 verifies a new signature from the receiving 
person. To perform this step 270, the receiver 140 performs steps like the step 221 through the 
step 223. The receiver 140 collects a test signature from the receiving person using the pen 
tablet 141. The receiver 140 forms a signature feature vector 112 for the test signature for the 
receiving person. The server 1 10 receives the signature feature vector 112 for the lest signature 
for the receiving person, and attempts to verify that test signature against the set of signature 
feature vectors 1 12 template signature for the receiving person, using the processor 1 13. 

If the attempt to verify is successful (i.e., the test signature is considered to 
match the template signatures), the sender 1 10 proceeds with the step 280. If the attempt to 
verify is unsuccessful (i.e., the test signature is considered lo not match the template 
signatures), the server 110 aansmits a message so indicating to the receiver 140. If the attempt 
to verify is unsuccessful, the server 110 and the receiver 140 may conduct a set of reatiempts to 
verify the receiving person, simUar to processing in the step 223 for the sending person. 

At a step 280, the server 1 10 transmits to the receiver 1 40 a key for decoding the 
encoded message that was transmitted from the sender 1 20 to the receiver 140. 

In a preferred embodiment, the key for decoding comprises the same k^ as 
the key for encoding, for use in a symmetric encoding/decoding method such as the Data 
Encryption Standard (DES). 
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However, in aliemaiive erabodiments, the key for decoding may comprise a 
second key from a key pair used in a public key sysiera, and corresponding to the key pair from 
which the key for encoding was selected. 

In a preferred embodiment, server 1 10 generates a signal to the sender 120, 
indicating that the receiver 140 has recdved the key for decoding, and therefore that biometric 
data for the receiving person has been verified The server 110 transmits this signal to the 
sender 120 using the first communication path 131. This signal provides the sender 120 wiA 
an indication that fte receiver 140 has received the message. Preferably, the signal provides an 
identifier for the message (so as to distinguish between several messages transmitted from the 
sender 120 to the receiver 1 40) and a timeslamp value represenutive of when the key for 
decodng was transmitted from the server 1 10 to the receiver 140. 

At a step 290, the receiver 1 40 decodes the encoded message using the key 
for decoding, to recover the original message. 

In a preferred embodiment, the message comprises a single set of binaiy or 
text data, such as a file being transferred using a file transfer protocol or other network 
protocol. To generate the encoded message, the enure file is encoded using the key for 
encoding in a block encoding technique, thus creating an encoded file. The encoded file is 
transferred using the file uansfer protocol or other network protocol. To recover the original 
message, the entire encoded file is decoded using the key for decoding. 

However, in alternative embodiments, the message may comprise a stream of 
data and the method may be used for a virtual circuit to be created between the sender and 
receiver. To generate the encoded message, each separate transmission is encoded using the 
key for encoding in a stream encoding technique, thus creating an encoded stream of 
transmissions from die sender 120 to the receiver 140. The encoded stream is transferred using 
a "telnet" protocol or other su^am communication protocol. To recover the ori^al stream of 
transmissions, the encoded stream is decoded using the key for decoding. 

The receiver 140 may generate a response message to be transmitted to the 
sender 120. In this event, the receiver 140 may obtain a new key for encoding from the server 
110, using the method described with regard to figure 2. Alternatively, since the receiver 120 
has obtained from the server 1 10 a verification of the biometric data for the receiving person, 
the method may be su-eamlined for response messages from the receiver 140 to the sender 120. 
The server 1 10 may simply generate a key for encoding the response message and transmit that 
key for encoding to ihc receiver 140, and generate a key for decoding tiie response message and 
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transniii thai key for decoding lo the sender 120. In a prefemed erabodinieni where the key for 
encoding and the key for decoding the original message arc substantially identical, the receiver 
140 may use the key for decoding the original message as a key for encoding the response 
message and the sender 120 may use the key for encoding the original message as a key for 
decoding the response message, 

AlternBtive Embodiments 

Although prefemed embodiments are disclosed herein, many variations are 
possible which remain within the concept, scope, and spirit of the invention, and these 
variations would become clear lo those skilled in the art after perusal of this application. 



10 

SUBSTITUTE SHEET (RULE 26) 



wo 97/08868 PCT/US96/13736 

Claims 

Wcdaim: 

1 . A method for communication between a send^ and a receiver, said 
method comprising 

5 transmitting from said sender to a server a set of biometric data for a sending 

person; 

verifying, at said server, said biometric data for said sending person; 
transmitting from said server to said send^ a key for encoding said message; 
encoding a message using said key for encoding to generate an encoded 

10 message; 

transroitting said encoded message to said receiver; 

transmining from said recdver to said server a set of biometric data for a . 
recdving person; 

verifying, at said server, said biometric data for a receiving person; 
1 5 transmitting from said server to said receiver a key for decoding said encoded 

message; and 

decoding said encoded message at said receiver. 

2. A method as in claim 1 , comprising 

encoding a second message using said key for encoding to generate a second 
20 encoded message; and 

decoding said second encoded message using said key for decoding. 

3 . A method as in claim 1 , comprising 

transmitting &om said server to said receiver a key for encoding a response; 
encoding a response using said key for encoding to generate an encoded 

25 response; 

transmitting said encoded response to said sender; 

transmitting from said server to said sender a key for decoding said encoded 

response; and 

decoding said encoded response at said sender. 

30 4. A method as in claim 1, comprising transmitting from said server to 

said sender a signal representing whether said biometric data for said receiving person was 
verified at said server. 

5 . A method as in claim 1, wherein said key for encoding said message and 
said key for decoding said encoded message are paired keys in a public key system. 
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6. A method as in claim 1, wherein said key for encoding said message and 
said key for decoding said encoded message are subsianiially identical. 

7 . A method as in claim 1 , wherein said biomelric data for said receiving 
person represents at least a portion of ' 

a facial image, 
a fingerprint, 
a hand image, 
a handprint, 
a foot image, 
a footprint, 
a human geiiome,. 
a retinal image, 
a voicepiint, or 

a record of a spoken statement 

8. A method as in claim 1, wherein said biometric data for said receiving 
person represents a receiver's signature, 

9. A method as in claim 1, wherein said step of verifying said biometric 
data for said receiving person comprises 

receiving a set of template biometric data from said sender; 
receiving said biometric data for said receiving person; and 
comparing said biometric data for said receiving person against said set 
of template biometric data from said sender. 

10. A system for communication between a sender and a receiver, said 
system comprising 

an input device coupled to said sender, said input device disposed for receiving a 
set of biometric data for a sending person; 

a server, said server coupled to said sender and to said receivo*, said server 
comprising a biometric data verifier and a generator of a key for encoding and a key for 
decoding; 

means, at said sender, for encoding a message using said key for encoding, 

to generate an encoded message; 

a communication path between said sender and said receiver, 

an input device coupled to said receiver, said input device disposed for receiving 

a set of biometric data for a receiving person; 
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raeans. at said receiver, for decoding said encoded message using said key for 

decoding. 

11. A system as in claim 10, comprising 

means, at said sender, for encoding a second message using said key for 
5 encoding to generate a second encoded message; and 

means, at said receiver, for decoding said second encoded message using 
said key for decoding. 

12. A system as in claim 10, comprising 

means, at said receiver, for encoding a response using said key for encoding to 
1 0 generate an encoded response; and 

means, at said sender, for decoding said encoded response. 

13. A system as in claim 10, comprising means, at said server, for 
transmitting to said sender a signal representing whether said biometric data for said receiving 
person was verified. 

-J 5 14. A system as in claim 10, wherein said key for encoding and said key 

for decoding are paired keys in a public key system. 

15. A system as in claim 1 0, wherein said key for encoding and said key 
for decoding are substantially identical. 

16. A system as in claim 10, wherein said biometric data for said 
20 receiving person represents at least a portion of 

a facial image, 

afmgerprint, 

a hand image, 

a handprint, 
25 a foot image, 

afoo^rint, 

a human genome, 

a retinal image, 

a voiceprint, or 
30 a record of a spoken statement. 
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17. A system as in claim 10, wberciD said biometric data for said receiving 
person represents a recdver's signature. 

1 8. A system as in claim 10, wherein said biometric data verifier comprises 
a set of template biometric dau from a person whose biometric data is to be verified; and 

means for comparing biometric daU for said person against said set of 
template biometric data. 
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